Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.
Title: Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability
Name: cisco-sa-20180620-nxosrbac
Vendor: Cisco
First vendor Publication: 2018-06-20
Last vendor Modification: 2018-06-20
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Base Score: 9
CVSS Impact Score: 10
CVSS Exploit Score: 8
Attack Range: Network
Attack Complexity: Low
Authentication: Requires single instance


A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device.

The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific commands from the CLI. An exploit could allow the attacker to run commands that should be restricted to administrative users. These commands could modify the configuration or boot image on the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosrbac

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770).



Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 603
Os 587

Alert History

Date Information
2018-08-21 17:21:45
  • Multiple Updates
2018-06-21 00:21:09
  • Multiple Updates
2018-06-20 21:19:14
  • First insertion